Eliminate newlines in basic auth. fixes #2882

2022-11-09 12:12:34 -05:00 · 2011-09-06 17:25:20 -07:00 · 2011-09-06 17:25:20 -07:00 · f6ced69a11
commit f6ced69a11
parent 54b7e783ef
2 changed files with 9 additions and 1 deletions
--- a/actionpack/lib/action_controller/metal/http_authentication.rb
+++ b/actionpack/lib/action_controller/metal/http_authentication.rb
@ -145,7 +145,7 @@ module ActionController
      end

      def encode_credentials(user_name, password)
-        "Basic #{ActiveSupport::Base64.encode64("#{user_name}:#{password}")}"
+        "Basic #{ActiveSupport::Base64.encode64s("#{user_name}:#{password}")}"
      end

      def authentication_request(controller, realm)
--- a/actionpack/test/controller/http_basic_authentication_test.rb
+++ b/actionpack/test/controller/http_basic_authentication_test.rb
@ -85,6 +85,14 @@ class HttpBasicAuthenticationTest < ActionController::TestCase
    end
  end

+  def test_encode_credentials_has_no_newline
+    username = 'laskjdfhalksdjfhalkjdsfhalksdjfhklsdjhalksdjfhalksdjfhlakdsjfh'
+    password = 'kjfhueyt9485osdfasdkljfh4lkjhakldjfhalkdsjf'
+    result = ActionController::HttpAuthentication::Basic.encode_credentials(
+      username, password)
+    assert_no_match(/\n/, result)
+  end
+
  test "authentication request without credential" do
    get :display